CVE-2025-6227

Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API.

CVSS v3 2.2 LOW

2.2^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.7 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://mattermost.com/security-updates	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mattermost:mattermost_server::::::::
	cpe:2.3:a:mattermost:mattermost_server::::::::

History

No history.

Information

Published : 2025-07-18 12:15

Updated : 2025-10-14 14:32

NVD link : CVE-2025-6227

Mitre link : CVE-2025-6227

CVE.ORG link : CVE-2025-6227

JSON object : View

Products Affected

mattermost

mattermost_server

CWE

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2025-6227", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.2, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 0.7}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.6}]}, "published": "2025-07-18T12:15:23.843", "references": [{"url": "https://mattermost.com/security-updates", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API."}, {"lang": "es", "value": "Las versiones de Mattermost 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 no pueden negociar un nuevo token al aceptar la invitaci\u00f3n, lo que permite que un usuario que intercepta tanto la invitaci\u00f3n como la contrase\u00f1a env\u00ede payloads de sincronizaci\u00f3n al servidor que cre\u00f3 originalmente la invitaci\u00f3n a trav\u00e9s de la API REST."}], "lastModified": "2025-10-14T14:32:24.033", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F117291-CF45-4790-8BEB-E51DB0BAEF82", "versionEndExcluding": "9.11.17", "versionStartIncluding": "9.11.0"}, {"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86CE4B65-61C3-4994-88AB-06AC79F92965", "versionEndExcluding": "10.5.8", "versionStartIncluding": "10.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}